1 Description: eal: provide option to set vhost_user socket owner/permissions
3 The API doesn't hold a way to specify a owner/permission set for vhost_user
6 Projects consuming DPDK started to do 'their own workarounds' like openvswitch
7 https://patchwork.ozlabs.org/patch/559043/
8 https://patchwork.ozlabs.org/patch/559045/
9 But for this specific example they are blocked/stalled behind a bigger
10 rework (https://patchwork.ozlabs.org/patch/604898/).
12 We need something now for existing code linking against DPDK. That implies to
13 avoid changing API/ABI. So I created a DPDK EAL commandline option based ideas
14 in the former patches.
19 - with the split libs it now nees to be listed in
20 lib/librte_eal/linuxapp/eal/rte_eal_version.map to work on link steps
21 - please note that upstream gravitates towards not extending but creating a
22 new the API in DPDK as long term solution (will take a while)
23 - also as listed before most affected projects seem to create their own
25 So over time we have to check when we can drop it at the price of a config
26 transition - likely OVS 2.6 won't need it anymore.
29 Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
30 Last-Update: 2016-05-18
32 --- a/lib/librte_eal/common/eal_common_options.c
33 +++ b/lib/librte_eal/common/eal_common_options.c
35 {OPT_VFIO_INTR, 1, NULL, OPT_VFIO_INTR_NUM },
36 {OPT_VMWARE_TSC_MAP, 0, NULL, OPT_VMWARE_TSC_MAP_NUM },
37 {OPT_XEN_DOM0, 0, NULL, OPT_XEN_DOM0_NUM },
38 + {OPT_VHOST_OWNER, 1, NULL, OPT_VHOST_OWNER_NUM },
39 + {OPT_VHOST_PERM, 1, NULL, OPT_VHOST_PERM_NUM },
45 internal_cfg->vmware_tsc_map = 0;
46 internal_cfg->create_uio_dev = 0;
47 + internal_cfg->vhost_sock_owner = NULL;
48 + internal_cfg->vhost_sock_perm = NULL;
52 --- a/lib/librte_eal/common/eal_internal_cfg.h
53 +++ b/lib/librte_eal/common/eal_internal_cfg.h
55 volatile enum rte_intr_mode vfio_intr_mode;
56 const char *hugefile_prefix; /**< the base filename of hugetlbfs files */
57 const char *hugepage_dir; /**< specific hugetlbfs directory to use */
58 + const char *vhost_sock_owner; /**< owner:group of vhost_user sockets */
59 + const char *vhost_sock_perm; /**< permissions of vhost_user sockets */
61 unsigned num_hugepage_sizes; /**< how many sizes on this system */
62 struct hugepage_info hugepage_info[MAX_HUGEPAGE_SIZES];
63 --- a/lib/librte_eal/common/eal_options.h
64 +++ b/lib/librte_eal/common/eal_options.h
66 OPT_VMWARE_TSC_MAP_NUM,
67 #define OPT_XEN_DOM0 "xen-dom0"
69 +#define OPT_VHOST_OWNER "vhost-owner"
70 + OPT_VHOST_OWNER_NUM,
71 +#define OPT_VHOST_PERM "vhost-perm"
76 --- a/lib/librte_vhost/vhost_user/vhost-net-user.c
77 +++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
79 pthread_mutex_t mutex;
84 #define MAX_VIRTIO_BACKLOG 128
86 static void vhost_user_server_new_connection(int fd, void *data, int *remove);
90 memset(vsocket, 0, sizeof(struct vhost_user_socket));
91 + rte_eal_set_socket_permissions(path);
92 vsocket->path = strdup(path);
94 if ((flags & RTE_VHOST_USER_CLIENT) != 0) {
95 --- a/lib/librte_eal/linuxapp/eal/eal.c
96 +++ b/lib/librte_eal/linuxapp/eal/eal.c
98 #if defined(RTE_ARCH_X86)
101 +#include <sys/types.h>
105 #include <rte_common.h>
106 #include <rte_debug.h>
108 " --"OPT_CREATE_UIO_DEV" Create /dev/uioX (usually done by hotplug)\n"
109 " --"OPT_VFIO_INTR" Interrupt mode for VFIO (legacy|msi|msix)\n"
110 " --"OPT_XEN_DOM0" Support running on Xen dom0 without hugetlbfs\n"
111 + " --"OPT_VHOST_OWNER" Create vhost-user sockets with this owner:group\n"
112 + " --"OPT_VHOST_PERM" Create vhost-user sockets with these permissions\n"
114 /* Allow the application to print its usage message too if hook is set */
115 if ( rte_application_usage_hook ) {
117 internal_config.create_uio_dev = 1;
120 + case OPT_VHOST_OWNER_NUM:
121 + internal_config.vhost_sock_owner = optarg;
124 + case OPT_VHOST_PERM_NUM:
125 + internal_config.vhost_sock_perm = optarg;
129 if (opt < OPT_LONG_MIN_NUM && isprint(opt)) {
130 RTE_LOG(ERR, EAL, "Option %c is not supported "
131 @@ -943,3 +956,172 @@
132 /* Module has been found */
136 +/* Try to double the size of '*buf', return true
137 + * if successful, and '*sizep' will be updated with
138 + * the new size. Otherwise, return false. */
140 +enlarge_buffer(char **buf, size_t *sizep)
142 + size_t newsize = *sizep * 2;
144 + if (newsize > *sizep) {
145 + *buf = realloc(*buf, newsize);
154 +get_owners_from_str(const char *user_spec, uid_t *uid, gid_t *gid)
156 + size_t bufsize = 4096;
158 + char *pos = strchr(user_spec, ':');
159 + user_spec += strspn(user_spec, " \t\r\n");
160 + size_t len = pos ? (size_t)(pos - user_spec) : strlen(user_spec);
163 + struct passwd pwd, *res;
166 + buf = malloc(bufsize);
167 + char *user_search = NULL;
169 + user_search = malloc(len + 1);
170 + memcpy(user_search, user_spec, len);
171 + user_search[len] = '\0';
172 + while ((e = getpwnam_r(user_search, &pwd, buf, bufsize, &res)) == ERANGE) {
173 + if (!enlarge_buffer(&buf, &bufsize)) {
179 + RTE_LOG(ERR, EAL,"Failed to retrive user %s's uid (%s), aborting.",
180 + user_search, strerror(e));
184 + RTE_LOG(ERR, EAL,"user %s not found, aborting.",
190 + /* User name is not specified, use current user. */
191 + while ((e = getpwuid_r(getuid(), &pwd, buf, bufsize, &res)) == ERANGE) {
192 + if (!enlarge_buffer(&buf, &bufsize)) {
198 + RTE_LOG(ERR, EAL,"Failed to retrive current user's uid "
199 + "(%s), aborting.", strerror(e));
202 + user_search = strdup(pwd.pw_name);
212 + char *grpstr = pos + 1;
213 + grpstr += strspn(grpstr, " \t\r\n");
216 + struct group grp, *res;
219 + buf = malloc(bufsize);
220 + while ((e = getgrnam_r(grpstr, &grp, buf, bufsize, &res))
222 + if (!enlarge_buffer(&buf, &bufsize)) {
228 + RTE_LOG(ERR, EAL,"Failed to get group entry for %s, "
229 + "(%s), aborting.", grpstr,
234 + RTE_LOG(ERR, EAL,"Group %s not found, aborting.",
252 +vhost_set_permissions(const char *vhost_sock_location)
254 + unsigned long int mode = strtoul(internal_config.vhost_sock_perm, NULL, 0);
255 + int err = chmod(vhost_sock_location, (mode_t)mode);
257 + RTE_LOG(ERR, EAL,"vhost-user socket cannot set"
258 + " permissions to %s (%s).\n",
259 + internal_config.vhost_sock_perm, strerror(err));
262 + RTE_LOG(INFO, EAL,"Socket %s changed permissions"
263 + " to %s\n", vhost_sock_location,
264 + internal_config.vhost_sock_perm);
268 +vhost_set_ownership(const char *vhost_sock_location)
273 + if (get_owners_from_str(internal_config.vhost_sock_owner, &vhuid, &vhgid)) {
274 + RTE_LOG(ERR, EAL,"vhost-user socket unable to get"
275 + " specified user/group: %s\n",
276 + internal_config.vhost_sock_owner);
280 + int err = chown(vhost_sock_location, vhuid, vhgid);
282 + RTE_LOG(ERR, EAL,"vhost-user socket unable to set"
283 + " ownership to %s (%s).\n",
284 + internal_config.vhost_sock_owner, strerror(err));
288 + RTE_LOG(INFO, EAL,"Socket %s changed ownership"
289 + " to %s.\n", vhost_sock_location,
290 + internal_config.vhost_sock_owner);
294 +rte_eal_set_socket_permissions(const char *path)
296 + if (internal_config.vhost_sock_perm) {
297 + vhost_set_permissions(path);
300 + if (internal_config.vhost_sock_owner) {
301 + vhost_set_ownership(path);
304 --- a/lib/librte_eal/common/include/rte_eal.h
305 +++ b/lib/librte_eal/common/include/rte_eal.h
307 return RTE_PER_LCORE(_thread_id);
311 + * Set owner/permissions on sockets if requested on EAL commandline
313 +void rte_eal_set_socket_permissions(const char *);
318 --- a/doc/guides/testpmd_app_ug/run_app.rst
319 +++ b/doc/guides/testpmd_app_ug/run_app.rst
322 Use malloc instead of hugetlbfs.
326 + When creating vhost_user sockets change owner and group to the specified value.
327 + This can be given as ``user:group``, but also only ``user`` or ``:group`` are supported.
331 + --vhost-owner 'libvirt-qemu:kvm'
332 + --vhost-owner 'libvirt-qemu'
333 + --vhost-owner ':kvm'
337 + When creating vhost_user sockets set them up with these permissions.
341 + --vhost-perm '0664'
344 Testpmd Command-line Options
345 ----------------------------
346 --- a/lib/librte_eal/linuxapp/eal/rte_eal_version.map
347 +++ b/lib/librte_eal/linuxapp/eal/rte_eal_version.map
349 rte_keepalive_register_core;
350 rte_xen_dom0_supported;
352 + rte_eal_set_socket_permissions;